Free vs. Followed

grasped hand The fight between the free market and the followed market is about to begin. And the way to bet is on the free market, because it’s what we know works best. Also because the followed market is nuts.  It only persists because it’s normative at the moment, and an enormous sum of investment is going into improving what’s most nuts about it: following people around and constantly guessing at what they might want (or trying to make them want something some algorithm thinks it might be able to make them want).

Let’s look at those norms a bit more closely. In the followed market, we —

  • Maintain separate logins and passwords for every site and service with which we do business, which might number in the hundreds
  • “Agree” to terms of service and privacy policies that we don’t bother to read because we have no choice but to accept them if we want to use the offered services
  • Acquiesce to stalking by sites and their third parties, even as we travel out of those sites and around the Web

In the physical world where the free market remains defaulted, you are free to be who you say you are (or to remain anonymous — that is, nameless in the literal sense), and to arrive at whatever terms are agreeable to you and the sellers you engage, with minimal coercion. This is what we enjoy when we walk through a bazaar, down Main Steet, or through a shopping mall. We don’t have to become a member of Nordstrom, or Trader Joe’s, The Container Store, or the corner grocer, to shop there, or to buy anything from them. And, when we do, we usually assume that we are not being tracked by the store after we leave.

In the followed market, we are free to choose between captors who make all the rules. Our personal identity is the separate one we have with each of them, and which they administrate. Our relationship with each of them is fully contained within their separate silo’d systems. Worst of all, we are stalked after we leave, as a matter of course. “Social” sites such as Facebook aid in surveillance by making it easy for us to spill all kinds of personal data — about ourselves and our contacts — when we “login with Facebook” elsewhere.

And its getting worse.

On July 30, 2010, The Wall Street Jounal inaugurated its What They Know series (http://wsj.com/wtk) with The Web’s New Gold Mine: Your Secrets, by Julia Angwin. Here were the key findings she reported:

• The study found that the nation’s 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. A dozen sites each installed more than a hundred. The nonprofit Wikipedia installed none.

• Tracking technology is getting smarter and more intrusive. Monitoring used to be limited mainly to “cookie” files that record websites people visit. But the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.

• These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.

The new technologies are transforming the Internet economy. Advertisers once primarily bought ads on specific Web pages—a car ad on a car site. Now, advertisers are paying a premium to follow people around the Internet, wherever they go, with highly specific marketing messages.

On the 17th of this month, in Online Tracking Ramps Up, Julia begins,

Online tracking on 50 of the most-visited websites has risen sharply since 2010, driven in part by the rise of online-advertising auctions, according to a new study by data-management company Krux Digital Inc.

The average visit to a Web page triggered 56 instances of data collection, up from just 10 instances when Krux conducted its initial study, in November 2010. The latest study was conducted last December.”The main reason for the difference is live online auctions of data about you:

Krux estimated that such auctions, known as real-time bidding exchanges, contribute to 40% of online data collection.In real-time bidding, as soon as a user visits a Web page, the visit is auctioned to the highest bidder, based on attributes such as the type of page visited or previous Web browsing by the user. The bidding is done automatically using computer algorithms.

On June 26, the Journal published On Orbitz, Mac Users Steered to Pricier Hotels, by Dana Mattioli, who writes,

The Orbitz effort, which is in its early stages, demonstrates how tracking people’s online activities can use even seemingly innocuous information—in this case, the fact that customers are visiting Orbitz.com from a Mac—to start predicting their tastes and spending habits.

Imagine walking with a friend down 5th Avenue in New York and attempting to have a conversation about the totally different scenes both of you see when you look into the stores you pass or enter together. One of you sees hats in a store window while the other sees shoes. One sees a door where the other sees a wall. One sees a counter of candies while the other sees an aisle of garden tools. When one of you pauses to look at the cosmetics counter, the colors of lipstick suddenly change, because the store — or its third parties — know it’s you and start making guesses about what you might want, or that the companies paying for shelf space in the store hope to make you want. When the other looks at the store directory, she finds that the departments have been re-arranged. Now the shoe department is to her right when it used to be to the left. The dress shoes are now in the back, and all of them are red and black. Athletic shoes are now in front, because she paused to look in the window of a sporting goods store back up the street.

Whether or not this kind of personalization works is beside a more essential point: that in today’s online marketplace we are being followed constantly, with at most only our tacit approval. Without the conscious involvement of fully human customers, operating as free and independent actors possessing full agency, the online environment has gone insane. That is, without coherence, or grounding in reality. It makes sense only to the vendor’s side of the marketplace, and even there it’s not fully together. Writes Julia Angwin in her most recent story,

More than half the time, Krux found that data collectors were piggybacking on each other. For example, when a user visited a website that had code for one tracking technology, the data collection would call out to and trigger other tracking technologies that weren’t embedded on the site. As a result of such piggybacking, websites often don’t know how much data are being collected about their users.

‘It may be the first medium where the buyers have more information about the price, the value and the amount of inventory than the seller,’ said Krux President Gordon McLeod.

In the free market, as it has been understood since our ancestors first traded shells for seeds, certain things are stable and well understood. These include not only the physical nature of locations, but social norms and protocols for interacting with each other, which begin with the assumption that the other party is a free, independent and sovereign being who controls what is public and what is private about themselves. (Which is why, for example, we tend to wear clothes in public and live in enclosed spaces.)

In the free market it would be absurd for a guy from a store to put a hand in your pocket and hold onto your leg while you walked around, saying “Don’t mind me. I’m just here to see what you’re up to. Actually I don’t want to know your name, but just to track what your body is doing so you can get the best advertising and product offerings, based on what some machines think at the moment would be best for you and for us. It’s for your own good.” Or, more literally, to do the same with an invisible robot tick that attaches to your body and sucks out your data. But in the followed market, that stuff is normative in the extreme. And it works well enough, so far, at least for the advertisers and their intermediaries, that it persists in spite of its absurdities.

The followed market will fail not only because it is absurd and offensive to human sensibilities, but because it is not as effective as the kind of simple human interactions we were all built for in the first place. We don’t have those online yet — not in the commercial space comprised of billions of competing silos. But we will. Count on it. The Web we know is just seventeen years old (dating back to the first graphical browsers in 1995).

In a general way, what the free market still lacks online is a build-out of capabilities on the customers’ side to match the build-out of capabilities on the vendors’ side. That’s what ProjectVRM has been working toward for the past six years. The result so far is a growing list of developers, projects and prospects for major breakthroughs in customer capacity to assert independence, establish privacy boundaries, and deal with vendors as self-empowered equals and not as vendor-defined and -controlled dependents.

Customer Commons’ mission is to preserve and improve the free market, both online and off, by helping customers become free and independent participants in that market. So, while ProjectVRM remains focused on development and developers, Customer Commons is focused on putting those developments to work for customers — and for giving customers a way to participate in that development, and to lead it forward.

And we welcome your help with that.

Privacy is personal

In the physical world, we govern privacy with clothes and walls, buttons, zippers, windows and doors. (See Clothing as a privacy system.)

We also see privacy as a thing that can be possessed. That’s the framing for statements like, “Give me some privacy, and “Don’t take away my privacy.”

On another hand (there can be many), we also see privacy as a state of being: “This is private.” “Keep this private.”

The American Heritage Dictionary defines privacy as “1. a) The quality or condition of being secluded from the presence or view of others; b) The state of being free from unsanctioned intrusion: a person’s right to privacy”; and  “2. The state of being concealed; secrecy.” The Collins English Dictionary (at that same link) adds one more: “3. (Philosophy) Philosophy the condition of being necessarily restricted to a single person.” The boldface is mine. I like that one. (And not just because I majored in philosophy, back in the decade.)

That’s the noun. To mine the derivational vein, we must also dig the adjective. Here’s American Heritage on private:

  1. a. Secluded from the sight, presence, or intrusion of others: a private hideaway; b. Designed or intended for one’s exclusive use: a private room.
  2. a. Of or confined to the individual; personal: a private joke; private opinions.private road b. Undertaken on an individual basis: private studies; private research. c. Of, relating to, or receiving special hospital services and privileges: a private patient.
  3. Not available for public use, control, or participation: a private club; a private party.
  4. a. Belonging to a particular person or persons, as opposed to the public or the government: private property. b. Of, relating to, or derived from nongovernment sources: private funding. c. Conducted and supported primarily by individuals or groups not affiliated with governmental agencies or corporations: a private college; a private sanatorium. d. Enrolled in or attending a private school: a private student.
  5. Not holding an official or public position: a private citizen.
  6. a. Not for public knowledge or disclosure; secret: private papers; a private communication. b. Not appropriate for use or display in public; intimate: private behavior; a private tragedy. c. Placing a high value on personal privacy: a private person.

Here’s what it says about deep sources for private (and also for privacy): “Middle English privat from Latin privatusnot in public life, past participle of privare, to release, deprive, from privussingle, alone… Indo-European roots.”

Thus, here in the everyday vernacular of the physical world, privacy is well understood, and has been since before we had History. But “here” now also constitutes the virtual world, where you are equally present, and reading this text right now. In the physical “here,” your privacy is provided by what you’re wearing and where you locate yourself. Your choices in the virtual “here” are not so plain and clear. Not yet, anyway. At best we can only hope that the stuff we try to keep private will stay that way. And it is best lately to hope less than you used to, because there is a large and growing business in abusing your privacy in the virtual world. That business is advertising. For that business, your privacy is a problem that can only be solved with a promise: Trust us. We not only respect your privacy, but are in business to help you. Buy stuff, that is.

Credit where due: the Internet Advertising Bureau (IAB) is deeply concerned about privacy, and requires that its members adhere to a raft of privacy principles. Here’s one: “Businesses collecting or using information about individual consumers for interactive advertising purposes should provide choice, where appropriate, to that individual. Consumers also should receive relevant education regarding cross-industry opportunities to opt out of the collection or use of individual information or other methods to exercise choice.”

However well-intended this might be, it’s a window fan blowing against the storm of wealth-creation that the “interactive” advertising business has become. On Friday, Facebook went public with a valuation exceeding $100 billion. Its business is advertising. So is Google’s, with a market cap hovering around $200 billion. The goal for both companies is to “personalize” advertising as much as possible. This requires making their machines learn all they can about you, whether you know it or not. And, for all their talk about providing choices, they’d rather you not shut out their tentacles or cover their prying eyes.

If you want to operate on the Web today, it is almost impossible to avoid either company, or the thousands of other that are in the business of knowing as much as possible about you, so that information can be sold to advertisers and their agencies. Wanting to maximize the sum and quality of information about individuals is at absolute odds with those companies’ stated commitments to privacy — as well as individuals’ own sense, based on experience in the physical world, of what privacy is and how it should work.

Did you know that, when you go to a site that has a Facebook “like” button, Facebook will know you were there, even if you don’t click on the button? Also, says Consumer Reports, “Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge.” And, adds Abine, “You know those Facebook Like and Connect buttons you see on almost every website?  They’re not just for sharing: they’re tracking devices.  Facebook buttons can track both members and non-members of Facebook, even if you never click them.  They transmit your clicks, browsing history, IP address, and more to Facebook.”

Is Facebook going to stop doing that kind of thing on their own, when they believe it’s also the very thing that makes them the most money?

Not surprisingly, Consumer Reports’ parent, Consumers Union, wants a policy solution. That is, new laws that restrict the ability of Facebook and others to, for example, track us without our permission. Meanwhile CU has also put up the HearUsNow site, as a way for individuals to demand better treatment by Facebook. The White House has also issued a Privacy Bill of Rights, which offers guidelines for lawmaking.

In his landmark book, Understanding Privacy, Raymond Solove details the many ways that privacy is nearly impossible to pin down in legal argument, much less in policy. So, while he notes in the first sentence of his first chapter, “Supreme Court Justice Louis Brandeis pronounced it ‘the most comprehensive of rights and the right most valued by civilized men,'” he later adds that “legal scholar Arthur Miller has declared that privacy is ‘difficult to define because it is exasperatingly vague and evanescent.'” Solove’s own case is that “the value of privacy must be determined on the basis of its importance to society, not in terms of individual rights.” He adds, “the value of privacy in a particular context depends on the social importance of the activities it facilitates.” The prescriptive chapters of the book are devoted to laying out a taxonomic framework for understanding privacy problems. Because, sensibly, “A lucid, comprehensive, and concrete understanding of privacy will aid the creation of law and policy to address privacy issues.”

Which is fine, if you think corporations and governments are the only actors in the marketplace with full agency. That is, with the ability to act, and to cause effects. As individuals on the Web, we don’t have that ability today. (Imagine having a website agree to your terms and conditions, rather than the reverse.) One symptom of that is the call for legislative protection, which we wouldn’t have if we had full agency. So, the thinking goes, “We can’t protect ourselves, so the government should step in.”

I’m against that, at least for now, because I don’t believe we’ve done enough to empower individuals on their own. I’d rather we work on equipping individuals to enjoy full agency, as independent and sovereign beings, in the online marketplace as well as in the offline one. Or, in other words, to break out of the calf-cow system (called “client-server”) that we’ve been stuck in since 1995. I believe the personal nature of privacy, as it has been understood plainly since the late Pleistocene, requires that.

Some of the tools are already there. Public key cryptography, for example. Link contracts in XDI. The stuff Alec Muffett starts talking about in Slide 47 of his presentation here. Same goes for much of the work being done by the ProjectVRM development community. As ordinary folk we don’t need to understand the technologies behind all that work, but it helps to know that we’re not starting from zero.

At the very least we need some perspective here, based on the fact that we have hardly begun to explore what it will take to create physical-grade privacy on the Net. And that as we do, we need to keep it personal. That’s where privacy is best understood and measured. There is also cause and effect. If you and I don’t have privacy online, society won’t either.